Confirmed users
1,983
edits
Security/Sandbox/Deny Filesystem Access: Difference between revisions
Jump to navigation
Jump to search
Security/Sandbox/Deny Filesystem Access (view source)
Revision as of 15:29, 1 August 2016
, 1 August 2016notes
(edits) |
(notes) |
||
| Line 47: | Line 47: | ||
|- | |- | ||
| {{bug|1136836}} Load chrome: URLs through parent process<br>{{bug|1109293}} Desktop content process resource:// and moz-extension:// URIs should not directly use file:/// || Might block how we handle file:// URI's || | | {{bug|1136836}} Load chrome: URLs through parent process<br/><br/>{{bug|1109293}} Desktop content process resource:// and moz-extension:// URIs should not directly use file:/// || Might block how we handle file:// URI's || | ||
# Extensions load scripts and resources from the profile directory using chrome://, resource://, moz-extension:// URI's. | # Extensions load scripts and resources from the profile directory using chrome://, resource://, moz-extension:// URI's. | ||
| Line 56: | Line 56: | ||
Notes: | Notes: | ||
* resource: URLs | |||
** [https://developer.mozilla.org/en-US/docs/Chrome_Registration#resource Aliased mappings to chrome uris] | |||
** can be accessed via frame scripts | |||
* moz-extension: URLs | |||
** new scheme related to webextensions | |||
* For chrome://, resource://, and moz-extension:// URI's accessible files are defined by registrations performed in the parent process and can be filtered. | * For chrome://, resource://, and moz-extension:// URI's accessible files are defined by registrations performed in the parent process and can be filtered. | ||
* Question: Can extensions be installed outside the profile 'extensions' directory? | * Question: Can extensions be installed outside the profile 'extensions' directory? | ||
| Line 65: | Line 70: | ||
# Printing to a printer seems to work with write access to $HOME disabled. Without using print_via_parent, using dtrace I saw plugin-container read from ~/.cups/client.conf and write to the content process temp dir ~/Library/Caches/TemporaryItems/Temp-{UUID}. | # Printing to a printer seems to work with write access to $HOME disabled. Without using print_via_parent, using dtrace I saw plugin-container read from ~/.cups/client.conf and write to the content process temp dir ~/Library/Caches/TemporaryItems/Temp-{UUID}. | ||
|- | |- | ||
| {{bug|1187099}} User stylesheets loaded from a file inside ~/Library don't apply in the content process || | | {{bug|1187099}} User stylesheets loaded from a file inside ~/Library don't apply in the content process || Issue loading stylesheets via nsIStyleSheetService || | ||
This can be address via moz-extension, resource, or chrome URLs. | |||
* Q: working on mac? (Bug 1187099) | |||
* Does not work with file:// URLs, which is expected. | |||
* Should we reject file urls here in the content process? What type of response do we give as a result? (file a bug) | |||
|} | |} | ||